hxxp://schema[.]org/ViewAction

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://schema.org/ViewAction

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
4616	msedge.exe
4616	msedge.exe
2436	identity_helper.exe
2436	identity_helper.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2868	4616	msedge.exe	40
PID 4616 wrote to memory of 2868	4616	msedge.exe	40
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 540	4616	msedge.exe	84
PID 4616 wrote to memory of 2756	4616	msedge.exe	82
PID 4616 wrote to memory of 2756	4616	msedge.exe	82
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83
PID 4616 wrote to memory of 4820	4616	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://schema.org/ViewAction
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa46a946f8,0x7ffa46a94708,0x7ffa46a94718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,1019423369429760842,5143749152544931743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e83d0f81ba4b7f18932c06be4d1b955b

SHA1
6bfae71ea139138894573ce281fbb28a2373a367

SHA256
f61ec22f55d2229ca19d0b4b108d905e5ca1c76fd4d44eafd54c8720a6787ebb

SHA512
269377146d9028821220913cc0dae5687d596f7feed24fb030632004812862ba1a984da661bb02c1afdad180291d0c7219dc8c37e538bf9e98b79619657f70d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1d9ed944b82e47779680c2e6eaf423ab

SHA1
fd23ea155cfadf6e4c574a0650415aa17074d2e9

SHA256
8b8df3b07ed5fe53e3dd6a40ca5c830578b772eb90bb6284c55adf7c6d076c73

SHA512
96c846d8a4c008dd271a03a300065e731c59a70798cf85a5a16c588d1ace3d2d6938ac9201a5803162e40f357dfe291671e8952a58b5bdcfc6aa4a7a12dc9eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
903e77456f8912500084d1d92f3b36e0

SHA1
43abf681e8332d79e9cc099778d761f4398e80d3

SHA256
21138d0b49707ef03b5cd76777ae2986309615716db04eae1f486af0cd919ea7

SHA512
16377e62ad99c8548494d57814bba7eaec5a4942b8df753ccb13c536fc84caa5b8d4a98c5c5db528aa9101ed2e9b48c37af95d3d2bfb4535f9503b7234015711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20c0ff0a9d313f350337be960a6789ef

SHA1
d76d247b4f3c9e3f35e2de5828beb92ecb48dc52

SHA256
91b9922d7658b31227f2bd90ab4799262a210a7f99f65492fa08029344fdecec

SHA512
28a401cd3e35c3c46efd861a2d5138ad3e0c6a7285dd7326e3929a2f015cb64f30b49f97cdd7a5d60e773431a0b52f3d3d1a5c2fe95fdfb5aec74fae7eb162dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4117dca6898f17583176cf40c708c7eb

SHA1
5479526ee3415c5acd01d887ae13a57bbbe3ece3

SHA256
51c7638b2f26b1ebe9c503b94ee6c8c1aa93ca16e1850897bb009eabaab8b48e

SHA512
aa4f2cd81779f8ed1fab7585fcf84b66e39ced64822e7e4cdeb669c41fba4533cd3a1814d47a437a1f7dfcacf4e66a029e32e7d466a94ffb9b1bd7ba649802bc

Download Submit